name: Dependency Review

on:
  schedule:
    - cron: '12 12 * * *'
  pull_request_target:
    paths:
      - '**.lock'
  workflow_dispatch:
    inputs: {}

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4.1.4

      - name: GitHub dependency vulnerability check
        if: ${{ github.event_name == 'pull_request_target' }}
        uses: actions/dependency-review-action@v4.3.2
